State employees have a responsibility to protect state data by following cybersecurity best practices.
Computers and Mobile Devices
- Use state-issued computers and mobile devices, rather than personal devices.
- Never let anyone else use your state-issued device (this includes family members and people on your work team).
- Use only authorized and licensed organizational systems, software, and applications to process, send, and store data.
- Install software updates as soon as they’re available. This will safeguard against cyber criminals taking advantage of known software bugs and other vulnerabilities.
- Keep personal devices up-to-date to protect your home computers and networks.
- Set your computer to install software updates automatically.
- Install and maintain a current antivirus solution – many internet providers offer free antivirus products through your account portal. This includes Comcast, Charter, CenturyLink, and most other providers.
Connecting to the Internet
- Utilize home Wi-Fi or connect using Ethernet whenever possible.
- Secure your home network with a strong passphrase and name that doesn’t identify the user or location.
- If using non-home Wi-Fi, use your mobile phone as a hot spot for a more secure connection.
- Always confirm the name of the Wi-Fi connection you intend to use to avoid using a similarly named fraudulent network.
Accessing State Systems
- Use agency-approved VPN to connect to the state network. Learn how to use VPN.
- Use strong passwords or passphrases.
- Log in with the lowest level user account and elevate privileges if necessary.
- Use only the state-provided password manager on your laptop to store work passwords.
- Screen lock your computer and mobile devices before stepping away.
Data and Resources
- Only access official websites.
- Don’t download sensitive data to your computer or mobile device.
- Don’t send or receive sensitive data while using public Wi-Fi unless connected through the agency-approved VPN.
Phishing Attacks and Malware
- Be wary of any external emails related to COVID-19. Rely on trusted resources such as the Minnesota Department of Health and Centers for Disease Control websites for up-to-date information.
- Avoid responding to unsolicited emails or phone calls from external sources.
- Don’t click on links or attachments unless they have been verified as legitimate.
- Confirm any request for state data by alternate means to verity the request is authentic.
Reporting Phishing or Security Incidents
- Report suspected phishing attacks: Highlight the message and forward it as an attachment to email@example.com.
- If you are using Office 365 Webmail, report Spam/Phishing messages using the Junk button above the message.
- Report any suspected security incidents: Contact the Service Desk at 651-297-1111 and notify your manager or supervisor.